Archives

16-04-07

New fake codecs: now for images

Panda Software labs have just discovered a new piece of malware that is trying to hide behind a codec. People are looking for codecs because nobody takes any responsibility for the chaos of formats facing users. It should be up to Microsoft, Apple and the Linux community to deliver the only authorized codec packages and integrate those with most of the players (with an auto-update).

They have named it Adware/ImageAccesActiveXObject, and it invites us to "enjoy" some porn images by installing an ActiveX control supposedly needed to watch them.

Note - we've always said that pornsurfers should be very well protected and should not be allowed on computers or networks with highly important data.

What it really does is register a class Imageactivexobject.Ñhl that checks the web site we are visiting; if we are on that particular website, it redirects the browser to a different one where we could see the photos.

This is part of the script where this is checked:

When you click on the photos to watch them, a message says that the domain has expired. It also checks if it is running on a virtual machine (so is a virtual machine becoming a necessary defense on important computers?)

It drops Adware/SpyLocked and Adware/Securitytoolbar, which show fake alerts about your computer or its infections and pop-up ads of all kinds.